use of de.tum.in.www1.artemis.web.rest.errors.AccessForbiddenException in project Artemis by ls1intum.
the class PlagiarismResource method getPlagiarismComparisonForSplitView.
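/**
 * Retrieves the plagiarismComparison specified by its ID for the split view.
 * <p>
 * The caller must be at least a student of the course, and the comparison must belong to that course.
 * Callers below teaching-assistant level always receive the comparison anonymized for their own login;
 * the {@code studentLogin} request parameter is only honoured for course staff, because it is
 * client-controlled and must not decide whether another student's identity is disclosed.
 *
 * @param courseId     the id of the course
 * @param comparisonId the id of the PlagiarismComparison
 * @param studentLogin optional login of the student to anonymize for (only honoured for course staff)
 * @return the PlagiarismComparison
 * @throws AccessForbiddenException if the requesting user is not at least a student of the course.
 *                                  NOTE(review): rejecting students who are not part of the comparison is presumably
 *                                  done inside anonymizeComparisonForStudent - confirm against PlagiarismService.
 */
@GetMapping("courses/{courseId}/plagiarism-comparisons/{comparisonId}/for-split-view")
@PreAuthorize("hasRole('USER')")
public ResponseEntity<PlagiarismComparison<?>> getPlagiarismComparisonForSplitView(@PathVariable("courseId") long courseId, @PathVariable("comparisonId") Long comparisonId,
        @RequestParam(value = "studentLogin", required = false) String studentLogin) {
    // Authorize against the course first, so that no plagiarism data is loaded for callers outside the course.
    Course course = courseRepository.findByIdElseThrow(courseId);
    User user = userRepository.getUserWithGroupsAndAuthorities();
    if (!authenticationCheckService.isAtLeastStudentInCourse(course, user)) {
        throw new AccessForbiddenException("Only students registered for this course can access this plagiarism comparison.");
    }

    var comparisonA = plagiarismComparisonRepository.findByIdWithSubmissionsStudentsAndElementsAElseThrow(comparisonId);
    var comparisonB = plagiarismComparisonRepository.findByIdWithSubmissionsStudentsAndElementsBElseThrow(comparisonId);

    // The comparison id is attacker-chosen: make sure it really belongs to the course that was authorized above.
    if (!Objects.equals(comparisonA.getPlagiarismResult().getExercise().getCourseViaExerciseGroupOrCourseMember().getId(), courseId)) {
        throw new BadRequestAlertException("The courseId does not belong to the given comparisonId", "PlagiarismComparison", "idMismatch");
    }

    // The two queries each load one side; merge them into a single comparison.
    comparisonA.setSubmissionB(comparisonB.getSubmissionB());

    // Never let the client opt out of anonymization: for plain students the login is taken from the
    // authenticated principal, not from the request. Staff keep the previous, parameter-driven behaviour.
    // NOTE(review): teaching assistant is used as the staff threshold here - confirm the intended minimum role.
    String anonymizeForLogin = studentLogin;
    if (!authenticationCheckService.isAtLeastTeachingAssistantInCourse(course, user)) {
        anonymizeForLogin = user.getLogin();
    }
    if (anonymizeForLogin != null) {
        comparisonA = this.plagiarismService.anonymizeComparisonForStudent(comparisonA, anonymizeForLogin);
    }

    // Cut the back-references from the submissions to the comparison before the result is returned.
    comparisonA.getSubmissionA().setPlagiarismComparison(null);
    comparisonB.getSubmissionB().setPlagiarismComparison(null);
    return ResponseEntity.ok(comparisonA);
}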
use of de.tum.in.www1.artemis.web.rest.errors.AccessForbiddenException in project Artemis by ls1intum.
the class RepositoryResource method getStatus.
/**
 * Reports whether the repository behind the given domain object is "clean", i.e. has no uncommitted changes.
 * <p>
 * Access is checked via {@code canAccessRepository} before the repository URL is resolved. A checkout conflict
 * or a wrong repository state is not propagated as an error; it is reported as {@code CONFLICT} in a 200 response.
 *
 * @param domainId that serves as an abstract identifier for retrieving the repository.
 * @return ResponseEntity with status OK carrying CLEAN, UNCOMMITTED_CHANGES or CONFLICT.
 * @throws GitAPIException if the repository can't be checked out to retrieve the status.
 * @throws AccessForbiddenException if the caller may not access the repository.
 */
public ResponseEntity<RepositoryStatusDTO> getStatus(Long domainId) throws GitAPIException {
    log.debug("REST request to get clean status for Repository for domainId : {}", domainId);

    // Authorization gate: nothing about the repository is resolved for callers without access.
    boolean accessGranted = canAccessRepository(domainId);
    if (!accessGranted) {
        throw new AccessForbiddenException();
    }

    RepositoryStatusDTO statusDto = new RepositoryStatusDTO();
    VcsRepositoryUrl url = getRepositoryUrl(domainId);

    try {
        // A cached repository needs no branch lookup; otherwise the branch of the domain object is retrieved first.
        boolean clean = gitService.isRepositoryCached(url) ? repositoryService.isClean(url) : repositoryService.isClean(url, getOrRetrieveBranchOfDomainObject(domainId));

        RepositoryStatusDTOType resolvedType;
        if (clean) {
            resolvedType = RepositoryStatusDTOType.CLEAN;
        }
        else {
            resolvedType = RepositoryStatusDTOType.UNCOMMITTED_CHANGES;
        }
        statusDto.setRepositoryStatus(resolvedType);
    }
    catch (CheckoutConflictException | WrongRepositoryStateException ex) {
        // Conflicts are a regular status for the client, not a server failure.
        statusDto.setRepositoryStatus(RepositoryStatusDTOType.CONFLICT);
    }

    return ResponseEntity.ok(statusDto);
}
use of de.tum.in.www1.artemis.web.rest.errors.AccessForbiddenException in project Artemis by ls1intum.
the class PlagiarismCaseResource method getPlagiarismCasesForCourseForInstructor.
/**
 * Retrieves all plagiarism cases related to a course for the instructor view.
 * <p>
 * The {@code INSTRUCTOR} role alone is not sufficient: the caller must additionally be at least an instructor
 * of the requested course, which prevents instructors of other courses from reading these cases.
 *
 * @param courseId the id of the course
 * @return all plagiarism cases of the course
 * @throws AccessForbiddenException if the caller is not at least an instructor of the course
 */
@GetMapping("courses/{courseId}/plagiarism-cases/for-instructor")
@PreAuthorize("hasRole('INSTRUCTOR')")
public ResponseEntity<List<PlagiarismCase>> getPlagiarismCasesForCourseForInstructor(@PathVariable long courseId) {
    log.debug("REST request to get all plagiarism cases for instructor in course with id: {}", courseId);

    Course requestedCourse = courseRepository.findByIdElseThrow(courseId);
    var requester = userRepository.getUserWithGroupsAndAuthorities();

    // Per-course authorization on top of the global role check in @PreAuthorize.
    boolean isCourseInstructor = authenticationCheckService.isAtLeastInstructorInCourse(requestedCourse, requester);
    if (!isCourseInstructor) {
        throw new AccessForbiddenException("Only instructors of this course have access to its plagiarism cases.");
    }

    return getPlagiarismCasesResponseEntity(plagiarismCaseRepository.findByCourseIdWithPlagiarismSubmissionsAndComparison(courseId));
}
use of de.tum.in.www1.artemis.web.rest.errors.AccessForbiddenException in project Artemis by ls1intum.
the class StudentExamAccessService method checkStudentExamAccessElseThrow.
/**
 * Checks if the current user is allowed to see the requested student exam.
 * <p>
 * Runs the course/exam access check first, then verifies that the student exam belongs to the given exam
 * and that it is owned by the current user. The ownership check is what stops a user from reading another
 * student's exam by supplying a different {@code studentExamId}.
 *
 * @param courseId      the id of the course
 * @param examId        the id of the exam
 * @param studentExamId the id of the student exam
 * @param currentUser   the current user
 * @param isTestRun     flag to determine if this is a test run or not
 * @throws ConflictException        if the student exam does not belong to the given exam
 * @throws AccessForbiddenException if the student exam is not owned by the current user
 */
public void checkStudentExamAccessElseThrow(Long courseId, Long examId, Long studentExamId, User currentUser, boolean isTestRun) {
    checkCourseAndExamAccessElseThrow(courseId, examId, currentUser, isTestRun);

    // Load the student exam; the repository throws if it does not exist.
    StudentExam requestedStudentExam = studentExamRepository.findByIdElseThrow(studentExamId);

    // The path ids must be consistent: the student exam has to be part of the exam that was checked above.
    boolean belongsToExam = requestedStudentExam.getExam().getId().equals(examId);
    if (!belongsToExam) {
        throw new ConflictException("The student exam does not belong to the exam", "StudentExam", "studentExamExamConflict");
    }

    // Ownership is taken from the database record, never from request data.
    boolean ownedByCurrentUser = requestedStudentExam.getUser().equals(currentUser);
    if (!ownedByCurrentUser) {
        throw new AccessForbiddenException();
    }
}
use of de.tum.in.www1.artemis.web.rest.errors.AccessForbiddenException in project Artemis by ls1intum.
the class FileResource method getTemporaryFileAccessTokenForCourse.
/**
 * GET files/attachments/course/{courseId}/access-token : Generates an access token that is valid for 30 seconds
 * and bound to the given course.
 * <p>
 * The token is only issued after the caller has been verified to have at least the student role in the course.
 *
 * @param courseId the course id the access token is for
 * @return The generated access token, 403 if the user has no access to the course
 */
@GetMapping("files/attachments/course/{courseId}/access-token")
@PreAuthorize("hasRole('USER')")
public ResponseEntity<String> getTemporaryFileAccessTokenForCourse(@PathVariable Long courseId) {
    // Kept deliberately short so that a leaked token is of little use.
    final int tokenValidityInSeconds = 30;

    Authentication caller = SecurityContextHolder.getContext().getAuthentication();

    // NOTE(review): the user argument is null - presumably the service then resolves the current user; confirm.
    var course = courseRepository.findByIdElseThrow(courseId);
    authCheckService.checkHasAtLeastRoleInCourseElseThrow(Role.STUDENT, course, null);

    String issuedToken;
    try {
        issuedToken = tokenProvider.createFileTokenForCourseWithCustomDuration(caller, tokenValidityInSeconds, courseId);
    }
    catch (IllegalAccessException e) {
        // Token creation refused: surface it as a plain access-forbidden error without further detail.
        throw new AccessForbiddenException();
    }
    return ResponseEntity.ok(issuedToken);
}